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(57) Abstract 



A system, described in reference to the figure, for providing secure transmission of an encrypted file over a computer network (16) 
having a central file server (12) operatively connected through a communication line with a remotely located client server (14). A data 
encryption and input unit (18) operatively connected to the central file server (12) and capable of receiving and encrypting a plurality of 
files. The central file server (12) uploads selected pro-encrypted files from the encryption and input unit (18). The remote server includes 
a protocol handler (22) which utilizes an existing protocol to spoof the central file server (12) to transmit selected files in an encrypted 
form to the remote server (14). The protocol functions then to algorithmically decrypt the files by generically modifying the incoming data 
associated with the file and a content handler (28) connected (26) to the protocol handler (22) then forwards (30) the modified data to a 
pre-loaded software program for opening and presentation. 
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SYSTEM AND METHOD FOR TRANSMISSION OF ENCRYPTED 
FILES FROM A CENTRAL SERVER COMPUTER 
TO A REMOTE COMPUTER 

5 Background of the Invention 

FteM of the lui&iiUmi 

The present invention relates generally to data encryption systems and 
techniques and, more particularly, to a system for providing secure 
transmission of encrypted files from a central server computer to a remote 

10 computer and method for practicing the same and which utilizes existing 
protocols, servers and clients. 
Description of the Prior Art 

The use of Internet technologies for delivering various types of data 
content has increased dramatically in the past few years. Public networks have 

15 made the electronic transfer of data between organizations relatively simple. 
However, with the simplicity comes great security risks. Numerous solutions 
have been proposed for securing data during its transmission over a network, 
such as various encryption schemes, and the result of which is the existence of 
a burgeoning amount of Internet commerce. Additionally, much of this data 

20 delivery has spawned the creation of customized client/server combinations or 
content-handling programs to view data files and it has been found that the 
continual creation of software to provide access to new types of data, and in 
particular encrypted data, becomes very inefficient. 

According to existing systems, data is uploaded to a central file server 

25' in unencrypted form and prior to subsequent encryption and transmission over 
a network to a remote server. Typically, a protocol handler at the remote client 
location or server requests a file over the network from die central server. The 
file is requested from the server and the server responds with the file and a 
MIME type. 
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Upon receiving the encrypted file, the protocol handler forwards the 
data within the file to a content handler unit. The content handler typically 
employs one or more decryption programs for algorithmically decrypting the 
specific types of transferred file, such as the graphic, text and audio 
5 components for subsequent display by another program. The content handler 
may further be built into the network browser or function as a stand alone unit. 
A number of different MIME types are defined to execute the appropriate 
content handler. 

The drawbacks of such conventional encryption systems include that the 
10 file must be recognized as encrypted and forwarded on to an encryption 
program. After decryption, the file must again be recognized to launch the 
proper viewing software. This type of identification is very inconsistent and 
often encryption programs do not maintain information about the type of data 
being encrypted. The user is typically then left wiUi die burden of determining 
15 what type of data is actually encrypted and/or this then involves having to 
utilize a special server and a special piece of client software for decrypting a 
file. 

A further drawback includes having to integrate data from several 
sources or different types of data onto one screen. As an example, if a World 

20 Wide Web browser needs to display a encrypted graphic, some text, and a 
video clip, current technology would not enable this to occur. The only 
solution would then be to define specific MIME types for the encrypted version 
of each media type and write decrypting content handlers for each type. This 
results in a doubling of the number of content handlers required and attendant 

25 amount of extra code Uiat needs to be developed to facilitate such functionality. 
A further evident shortcoming of the existing system is the danger of 
maintaining files in unencrypted form on the central file server and prior to 
subsequent encryption and transmission, such danger arising in the form of data 
theft from employees, contractors and odier persons having access to the central 

30 server. 
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Swmnary of tiis Present imsaitimi 
The present invention provides a system for providing secure 
transmission of an encrypted file over a computer network and which is a 
marked improvement over the above-described prior art. According to the 

5 present invention, a data encryption and input unit is operatively connected to 
the central file server for inputting and encrypting the files prior to them being 
stored in the central server. This is accomplished utilizing any conventional 
encrypting algorithm and enabling the central server to call up selected files. 
A protocol handler is operatively connected to a remotely located client 

10 or server and functions to request the encrypted file or files to be transmitted 
from the central server. The protocol handler specifically sends its request 
utilizing an existing network protocol and in effect " spoofs n the central server 
into sending data to the client which is in effect stored in the central server as 
if it was not encrypted and with the same type labeling as an unencrypted file. 

15 The effect of "spoofing" the central server causes the protocol handler to 
generically modify the incoming data (the equivalent of decryption) and thus 
providing a key decryption function which is otherwise reserved to die prior art 
systems. The protocol handler further is capable of modifying the data in this 
instance in such a way that it provides previously existing content types to the 

20 content-handling algorithm of the client. 

Using this system, any type of data can be encrypted and displayed if 
the original type of data can be displayed. All existing content handlers will 
function normally because they are dealing with unencrypted data when they 
are called. The result is that the protocol handler essentially substitutes for the 

25 functions of the content handler previously provided by the content handler in 
decrypting the files and provides for an attendant reduction in necessary 
software code and more efficient opening and viewing of die decrypted files. 
This is so because the need for specialized servers and content-handlers is 
eliminated through the protocol spoofing function. 
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Brief Description of the Drawing s 
Reference will now be made lo the attached drawings, when read in 
combination with the following -pecificalion, wherein like reference numerals 
refer to like parts throughout the several views, and in which: 
5 Fig. 1 is a schematic view of the system for providing secure 

transmission of an encrypted file over a computer network according to the 
present invention. 

Detailed Description of the Pref erred Embodiment 
Referring now to Fig. 1, a system for providing secure storage and 
10 transmission of an encrypted fde over a computer network is illustrated at 10 
according to the present invention. A central fde server 12 according to known 
construction is operably connected tluough a communication line to a remotely 
located client or server 14. The remote client 14 can qualify as any PC 
computer or the like. A network connection, illustrated schematically at 16, 
15* is known in Uie art and is capable of operably connecting the central file server 
12 with a plurality of individually located and remote client's or servers. 

A data encryption and input unit 18 is operably connected to the central 
file server 12 and is capable of receiving and encrypting a plurality of files 
prior lo uploading lo the central server 12. As was previously discussed, it is 
20 advantageous lo encrypt files prior lo uploading to Uie central server in order 
lo prevent unauthorized access or tampering by internal personnel at the central 
location. 

The procedure for calling up and transmitting encrypted files from the 
central server as diagrammatically illustrated in Fig. 1 includes the slep of the 
25 central server 12 first communicating along a line 20 across a network and to 
selected remote server 14. As is known in the art, a central server 12 could 
typically connect to large pluralities of remote client servers, however only a 
single server is illustrated for convenience sake. 

The data is encrypted and stored on the central file server 12 in a 
30 format consistent as if it was not encrypted and with the same type labeling as 
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an unencrypted file, particularly such as in a hyper text transmission protocol 
(hup) or a file transfer protocol (ftp). Forming an integral part of the client, 
or forming a separated and connected part, is a protocol handier 22 which 
functions to request, through the network 16, a selected file or files from the 
5 central server 12. This is accomplished by the protocol handler 22 making a 
request for information using a locally defined network protocol and sending 
the request along a communication line defined at 24 extending from the 
protocol handler 22, through the network 16 and to the central file server 12. 
The request thus invokes a new protocol-handler and in effect "spoofs" the 
10 central server 12 into sending the encrypted data, labeled in unencrypted form, 
to the client. 

The protocol handler 22, once it receives the encrypted data through the 
remote server 14 and via line 20, algorithmically decrypts the data generically 
modifying the data in such a way that it provides previously existing content. 

15 The trigger used to open encrypted files is the relabeling of an existing protocol 
handler. As an example, a HTTP protocol could be relabeled as MDRP and 
would still connect to the server using standard HTTP protocol. Likewise, a 
FTP protocol may be employed. However, when the data is received, the type 
of encryption, if any, would be determined by the client's protocol handler. 

20 A single protocol handler decrypts all possible data types and then sends 

the unencrypted files, via a line 26, to a content handler 28 operably connected 
thereto which determines the type of data utilizing one or more MIME types 
and then forwards the data, via a further line 30, to another software program 
and viewer 32 for opening the file. By utilizing protocol spoofing the one 

25 protocol handler eliminates the need for many separate content handlers and 
MIME types. 

Manifestations of the above-described system include the design of 
prototype health information systems which model a method to provide access 
to medical records over the Internet. Also, the technique of protocol spoofing 
30 could also be used for data conversion or any other types of systems which 
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involve the. application of a standard algorithm. For example, a compression 
algorithm that saves space on a file server could be implemented in a spoofing 
protocol handler. The data would be stored in a compressed fashion possibly 
using an uploading spoofing protocol handler. The data could then be retrieved 
5 using the same protocol handler with the complementary decompression 
algorithm. 

A method of providing for secure transmission of an encrypted file 
utilizing the system according to the present invention is also disclosed and 
includes the steps of loading the selected file or files into a data encryption and 

0 input unit which is operalively connected to the central file server and 
encrypting the file according to any conventionally known procedure. 
Additional steps include the protocol handler requesting transmission of the file 
over the network utilizing an existing protocol and decrypting the file through 
generically modifying the incoming data and transferring the decrypted file to 

S a content handler for subsequent presentation by a software viewer. 

Having described my invention, additional preferred embodiments will 
become apparent to those skilled in the art to which it pertains without 
deviating from the scope of the appended claims. 
I claim: 



WO 00/62472 



PCT/US00/05135 



7 

Claims 

1 1 . A system for providing secure transmission of an encrypted file over 

2 a computer network, said system comprising: 

3 a central file server; 

4 said central file server operably connecting through a communication 

5 line with a remotely located server; 

6 a data encryption and input unit operably connected to said central file 

7 server and capable of receiving and encrypting a plurality of files; 

8 said central file server uploading selected pre-encrypted files from said 

9 encryption and input unit; 

10 said remote server further including a protocol handler operably 

1 1 connected thereto, said protocol handler requesting at least one of said plurality 

12 of encrypted files using a standardized protocol to be transmitted from said 

13 central file server; 

14 said protocol handler decrypting said at least one file by generically 

15 modifying incoming data associated with said file; and 

16 a content handler operably connected to said protocol handler and 

17 receiving said decrypted file, said content handler forwarding said modified 

18 data to a pre-loaded software program for subsequent display. 

1 2. The system as described in claim 1, further comprising said data 

2 , being stored in said central file server utilizing an identical type labeling as a 

3 corresponding unencrypted file. 

1 3. The system as described in claim 1, further comprising said content 

2 handler determining the type of data sent by said protocol handler utilizing one 

3 or more MIME types. 

1 4. The system as described in claim l t further comprising said protocol 

2 handler being capable of decrypting all data types. 
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1 5. The system as described in claim 4, said standardized protocol 

2 further comprising an HTTP protocol. 

1 6. The system as described in claim 4, said standardized prolocoJ 

2 further comprising a FTP protocol. 

1 7. The system as described in claim 1, further comprising said protocol 

2 handier algorithmically decrypting said at least one file through the use of one 

3 or more keys. 

1 8. A method for providing secure transmission of an encrypted file over 

2 a computer network, comprising the steps of: 

3 loading a selected file iuo a data encryption and input unit which is 

4 operativeiy connected to a central file server; 

5 encrypting said selected file within said encryption and input unit and 

6 uploading said file into said central file server; 

7 requesting said encrypted file for transmission over the network from 

8 a protocol handler operativeiy communicating with said remote server and 

9 utilizing an existing protocol to obtain said encrypted files; 

10 decrypting said file through said protocol handler utilizing a private key 

1 1 and by generically modifying the incoming data associated with said file; and 

12 transferring said decrypted file to a content handler operativeiy 

13 connected to the protocol handler for forwarding to a software viewer for 

14 opening and presentation. 
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